HearCare MED-EL Data Privacy Policy
Information on data processing
We care about the protection of your personal data and your privacy. For this reason, we will inform you in the following about our handling of your personal data, in particular for what we process your personal data, to whom we transmit them, and the data protection claims and rights to which you are entitled.
Please read the following information carefully.
About this Policy
This policy explains, how your personal information is collected, used and protected by MED-EL and its branches (https://www.medel.com/about-medel/med-el-offices-worldwide). Further information on specific offers, products and services are described directly in the related sections. We will always comply with the statutory data protection regulations when dealing with your personal data. For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
Who is responsible for data processing?
The responsible controller is:
MED-EL Elektromedizinische Geräte Gesellschaft m.b.H. Fürstenweg 77a 6020 Innsbruck Austria Tel.: +43 5 77 88 [email protected]
The responsible data protection officer can be contacted directly:
Alternatively, the responsible data protection officer can be contacted by adding attn. Data Protection Officer to the postal address above.
Which data are being processed and from which sources does this data come from?
We process personal data that we receive directly from you by registering for and using the HearCare MED-EL mobile application.
Your personal data includes in particular:
- Name as entered in your myMED-EL profile
- Email address as entered in your myMED-EL profile
- Demographic information such as country as entered in your myMED-EL profile
- Data about your MED-EL audio processor such as serial number, ear side
- Data about your MED-EL cochlear implant such as serial number, ear side
- Data about the configuration of your MED-EL audio processor such as fitting data
For what purposes and on what legal basis is your data being processed?
Login
You can log in to the HearCare MED-EL mobile application via myMED-EL. We will retrieve the following data from your myMED-EL account: first name, last name, email address, and country. If you provide it, we additionally process this optional data: profile picture. For authentication myMED-EL uses the Auth0 software component which requires the transfer of your email address and password for a secure login process. See https://auth0.com/terms/ and https://auth0.com/privacy/ for more information. If you use the HearCare MED-EL mobile app in demo mode we do not process any personal data.
Purpose
Login to the HearCare MED-EL mobile application.
Legal Basis
Performance of a contract - Art. 6 (1) lit. b) GDPR
Connection of MED-EL audio processors
You can connect MED-EL audio processors to use the HearCare MED-EL mobile application to perform technical system checks and to use remote care functionalities. For connection you have to provide data about your MED-EL audio processors to us (e.g., audio processor type, serial number, configured ear side).
Purpose
Connection of MED-EL audio processors to perform technical system checks and to use remote care functionalities via the HearCare MED-EL mobile application.
Legal Basis
Performance of a contract - Art. 6 (1) lit. b) GDPR
Guardian Roles
In the HearCare MED-EL mobile application you can define three different Guardian Roles:
- Administrator: Get notifications about the person under care, use all app functions and manage the audio processor of the person under care. Act as a main manager for the person under care, update user profiles, add or remove other guardian users and maintain permission levels. Access to all data of the person under care.
- Controller: Get notifications about the person under care and access the main app functions (e.g., system checks, remote care, …) of the managed user.
- Observer: Get notifications (e.g., new audio processor connected) about the person under care.
The notification function uses Firebase Cloud Messaging, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA94043, USA.
This service is used to send push messages or so-called in-app messages (messages that are displayed within the respective app). In this case, the device is assigned a pseudonymized push reference, which serves as the destination for the push messages or in-app messages. This function can be deactivated and activated in the settings of the device at any time. Information on Firebase data privacy can be found here: https://firebase.google.com/support/privacy/.
Purpose
Support of a person under care as a guardian via the HearCare MED-EL mobile application.
Legal Basis
Consent - Art. 6 (1) lit. a), 9 (2) lit. a) GDPR and Performance of a contract - Art. 6 (1) lit. b) GDPR
Hearing care
The remote care functionalities enable you to retrieve care remotely by your hearing professional. To be able to participate in remote care you have to provide related data to us (e.g., results of technical system checks, audio processor configuration data, questionnaire data, …). Your hearing professional can request access to your shared data. This request has to be accepted by you or one of your guardians. Granted access can be withdrawn by you at any point in time via the HearCare MED-EL mobile application.
Purpose
Participate in remote care.
Legal Basis
Consent - Art. 6 (1) lit. a), 9 (2) lit. a) GDPR and Provision of health care - Art. 9 (2) lit. h) GDPR
Application Usage Data
Based on your consent, anonymized application usage data (e.g., malfunctions of the software, model, version and status information of the component, as well as the model, operating system, language and country of the device) is collected with App Center Analytics, provided by Microsoft, South County Business Park, One Microsoft Place, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland. https://privacy.microsoft.com/privacystatement
Purpose
To analyze product performance, service and reliability data and to improve user experience of the HearCare MED-EL mobile application and future mobile applications.
Legal Basis
Consent - Art. 6 (1) lit. a) and Legitimate Interest - Art. 6 (1) lit. f) and Art. 89 GDPR - statistics, research and improvement of our products and services.
To get access to all information regarding data protection please read the privacy policy for general data.
Audio Processor Usage Data
Based on your consent, for SONNET 2 and RONDO 3 audio processors we retrieve data from your hearing device (e.g., number of boots, operation time). If you granted your hearing professional access to your data to perform hearing care, audio processor usage data is also shared with your hearing professional.
Purpose
To analyze product performance, service and reliability data and to improve user experience of the HearCare MED-EL mobile application and future mobile applications. To improve quality of hearing care provided by your hearing professional.
Legal Basis
Consent - Art. 6 (1) lit. a), 9 (2) lit. a) GDPR and Legitimate Interest - Art. 6 (1) lit. f) and Art. 89 GDPR - statistics, research and improvement of our products and services.
To get access to all information regarding data protection please read the privacy policy for general data.
Who receives your data?
Data can be passed on within the MED-EL group. Only those branches, departments or employees have access to your data that they need for proper processing.
Transmission of data to third parties
We use various service providers and third parties (“data processors”) to continuously improve our mobile applications and to provide you with user-friendly services. All data processors used in the HearCare MED-EL mobile application are stated in the section above. MED-EL only uses data processors who have signed the corresponding data protection agreements and offer sufficient guarantees under applicable law. As far as possible, we select cooperation partners who are based or have their servers within the European Union (EU).
In order to be able to offer you certain services, we commission third-party providers with headquarters or servers outside the EU. Unless otherwise stated we use the EU standard contractual clauses as suitable guarantees: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj to ensure a GDPR-compliant level of protection for your data. In addition, we pay attention to additional security and data protection measures and certifications of our partners.
Update
Updating of your personal data takes place primarily on the basis of your direct feedback or changes performed within the HearCare MED-EL mobile app.
How long will your data be stored?
Your data will be deleted as soon as storage is no longer required (e.g., fulfilling legal retention requirements, generation, execution or defense of legal requirements). If you deinstall the app your data will not be deleted as long as your app account or your myMED-EL account is active. We may also anonymize your data instead of deleting them. In this case any information suitable to determine your identity will be irrecoverably deleted.
Your rights
You have the right of access, the right to rectification, erasure, restriction of processing, data portability and the right to object. Where data processing requires your consent, you can withdraw your consent to future use at any time. You also have the right to complain to the relevant data protection authority.
Is there an obligation to provide data?
Provision of data and technical information is depending on your consent or on the features you want to use in the HearCare MED-EL mobile app.
Is my data used for automated decision making including profiling?
We do not use automated decision-making according to Art. 22 GDPR.
Security
We are committed to ensure that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect within the HearCare MED-EL mobile application. Please refer to the Instruction for Use for further security information.
Links to other websites
The HearCare MED-EL mobile application may contain links to other websites or mobile applications of interest. However, once you have used these links to leave the HearCare MED-EL mobile application you should note that we might not have any control over the other website or mobile application. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website or mobile application in question.
Change Information
We will update this data protection information when changing our mobile application or for other reasons requiring such updates. The valid version is always available in the mobile application. Release date of current version: 01.12.2023
